In recent years, mobile devices (such as cellular phones, PDAs, iPhones® and iPads® by Apple Computer®, and Droid® devices by Google® and others) have become more powerful than prior generations of mobile devices and now offer additional functionality beyond just voice communication. For instance, many mobile devices today allow users to perform web browsing on the Internet, receive emails, and store and play video and audio content. Such devices contain increasingly powerful processors and enhanced video and audio capability. It is typical now for users to store audio, video, and other data files on numerous computing devices, including mobile devices. For example, a user might store an MP3 file containing a song on his or her mobile device, on a PC at home, in a cloud server, or on other computing devices. This environment is presenting increasingly complex challenges in the realm of digital rights management, whereby copyright owners (such as record labels and movie studios) attempt to prevent unauthorized digital copies of copyrighted works from being made.
Record labels and movie studios often work in conjunction with software companies to create applications that facilitate the use, storage, or sharing of digital content owned by the record label or movie studio. For example, in the realm of computing devices, record labels and movie studios will work with software companies to validate and approve the proposed software application. Although the record label or movie studio may trust that the proposed software application is not designed to allow unauthorized copies of digital content to be created, they often want additional assurances that the software application will not be tampered with by knowledgeable users, such as hackers, who wish to create unauthorized copies. Thus, record labels and movie studios want to be able to detect if the application on a certain computing device has been altered from its original state, which might suggest that a “hacker” had changed the software and is intended to create unauthorized copies of the content once it is loaded onto the computing device. Record labels and movie studios also want to be able to detect if the computing device itself or its operating system has been tampered with in a way that might enable a user to create unauthorized copies.
Record labels and movie studios sometimes provide licenses to play digital content subject to certain time restrictions. For example, a customer might purchase a license to watch a video within a 7-day “rental window” after the initial purchase to be completed within a 24-hour “play window” after the user initially begins playing the digital content. If a user purchases a license on Sunday at 7 pm, that user would then be permitted to watch the video at any point up until the following Sunday at 7 pm, but once the user started watching the video, he or she would need to complete the viewing within 24 hours. This is a standard licensing practice.
One challenge of this business model is that a customer can attempt to “trick” the system by purchasing a license from a computing device and then changing the system clock on the computing device, which the computing device and its applications utilize to derive the current date and time. For example, a user could purchase a time-restricted license and then change the system clock on the computing device so that he or she could have a rental window larger than 7 days in which to watch the video. Or, the user could start watching the video and then change the date of the device to an earlier date, so that he or she could view the video in a play window larger than 24 hours.
What is needed is a mechanism to ensure that altering the system clock on a computing device will not change the effective length of temporal rental windows and play windows for the playing of digital content. What is further needed is a mechanism to detect alterations to the system clock on a computing device to enhance the digital rights management for copyrighted works played on the computing device.
In the prior art, another challenge is that a customer can “hack” a computing device to obtain root user privileges, which would enable that user to alter the operating system and other key components of the computing device. This in turn might enable the user to make unauthorized copies of digital content. What is needed is a mechanism to detect instances where evidence exists that indicates that a user might have obtained root user privileges and to prevent that computing device thereafter from obtaining digital content.